
Method for preventing Ethernet from being attacked

a technology of ethernet and prevention methods, applied in the field of network security, can solve problems such as new destructive methods, network paralysis, and attacks on network reliability, and achieve the effects of reducing maintenance costs, improving network maintenance efficiency, and reducing the risk of attacks on ethern

Active Publication Date: 2010-05-18
HUAWEI TECH CO LTD

AI Technical Summary

Benefits of technology

This approach enhances network security and reliability by dynamically managing MAC addresses, reducing the risk of attacks and improving maintenance efficiency and cost-effectiveness by automatically updating the MAC table without manual intervention.

Problems solved by technology

Attacks on network reliability are one kind of these new destructive methods.
Consequently, network paralysis will be caused and more losses will be brought to users.
At the same time, because of different users existing in the inner network, it is impossible for a network management department to monitor and control the network usage of each user within the inner network.
For users that communicate with others through Ethernet, once Ethernet is attacked and network paralysis occurs, there will be massive losses which are in direct proportion to the paralysis time even if no valuable data is lost; for companies which operate business based on Ethernet, such loss is more serious than losing data.
There is no authentication mechanism in the above-mentioned MAC address learning process, so some malicious users may attack a single user in Ethernet or the whole Ethernet.
That is, after this learning process, the map between MAC 1 and Port 1 in the switch's MAC table will change to a map between MAC 1 and Port 2. Therefore, all the data packets to be sent to PC 1 will be transmitted to Port 2 and then to PC 2, resulting in PC 1 failing to receive the data packets normally.
If the malicious user adopts the same method to attack multiple hosts and even all hosts in Ethernet, the whole Ethernet will be close to paralysis.
Besides the above-mentioned MAC address cheating, malicious users can attack Ethernet through MAC address bombing.
Thus the switch needs to update the MAC table after receiving each data packet with different source address, and the MAC table of the switch will be in an unstable state.
If the source MAC address carried in these data packets is the true address of a network device in Ethernet, this network device cannot communicate normally.
This method is usually used by viruses, which carry out MAC bombing against the whole Ethernet through the hosts they have infected, thereby destroying normal operations of the whole Ethernet.


Embodiment Construction

[0020]Now, an embodiment of the present invention will be described in detail hereinafter with reference to accompanying drawings.

[0021]In Ethernet, all data packets to be forwarded come from user devices in the user layer of a network. The user devices include Ethernet terminal devices such as PCs, servers, IP telephone sets and so on, and a switch in the access layer connects these user devices together. Each Ethernet terminal device has its own MAC address, which usually does not change; that is, the MAC address corresponding to each switch port usually does not change. It changes only when the entire terminal device is replaced, the PC's NIC is changed, or the terminal device is moved over a long distance, and in each of these cases the physical connection between the terminal device and the switch has to be disconnected. The present embodiment applies a learning mechanism to the switch, and determines...


Abstract

A method for preventing Ethernet from being attacked is provided. The method comprises the steps as follows: after detecting a new connection between a port and a terminal device and receiving a data packet from the terminal device, an Ethernet communication device establishing and storing a fixed map between the port and a hardware address of the terminal device, then forwarding the data packet according to the fixed map; after detecting a disconnection between the port and the terminal device, the Ethernet communication device deleting the fixed map.
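
The fixed-map behaviour described in the abstract, set beside classic MAC learning, as an added Python model that is not code from the patent. Class and method names are hypothetical, the MAC addresses are constructed, and two policies are assumptions the page does not state: a frame whose source differs from the port's fixed map is rejected, and a MAC already mapped to one port is not mapped to a second.

```python
class LearningSwitch:
    """Classic unauthenticated learning: the latest source MAC seen wins."""
    def __init__(self):
        self.table = {}                      # MAC -> port

    def receive(self, port, src_mac):
        self.table[src_mac] = port           # remapped on every frame

    def port_for(self, mac):
        return self.table.get(mac)


class FixedMapSwitch:
    """Fixed map set by the first frame after link-up, deleted on link-down."""
    def __init__(self):
        self.fixed = {}                      # port -> MAC (None until first frame)

    def link_up(self, port):
        self.fixed[port] = None              # new connection detected

    def link_down(self, port):
        self.fixed.pop(port, None)           # disconnection deletes the map

    def receive(self, port, src_mac):
        if port not in self.fixed:
            return False                     # no link detected on this port
        if self.fixed[port] is None and src_mac not in self.fixed.values():
            self.fixed[port] = src_mac       # establish the fixed map once
        # Assumption: a frame whose source differs from the map is rejected.
        return self.fixed[port] == src_mac

    def port_for(self, mac):
        return next((p for p, m in self.fixed.items() if m == mac), None)


def demo():
    pc1, pc2 = "00:00:5e:00:53:01", "00:00:5e:00:53:02"   # constructed MACs
    classic, fixed = LearningSwitch(), FixedMapSwitch()
    fixed.link_up(1)
    fixed.link_up(2)
    for sw in (classic, fixed):
        sw.receive(1, pc1)
        sw.receive(2, pc2)
        sw.receive(2, pc1)                   # PC 2 forges PC 1's address
    spoof = (classic.port_for(pc1), fixed.port_for(pc1))
    for i in range(1000):                    # bombing: many forged sources
        mac = f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}"
        classic.receive(2, mac)
        fixed.receive(2, mac)
    sizes = (len(classic.table), len(fixed.fixed))
    fixed.link_down(1)                       # terminal on port 1 is replaced
    fixed.link_up(1)
    return spoof, sizes, fixed.receive(1, "00:00:5e:00:53:03")
```

`demo()` returns where each switch sends traffic for PC 1 after the forged frame, the table sizes after the flood, and whether a replacement terminal is accepted once the old map has been deleted on link-down.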

Description

CROSS REFERENCE TO RELATED APPLICATIONS

[0001]This application is a National Phase Patent Application of International Application Number PCT/CN2004/000997, filed on Aug. 27, 2004, which claims priority of Chinese Patent Application Number 200310103400.7, filed on Oct. 30, 2003.

FIELD OF THE TECHNOLOGY

[0002]The invention relates to network security, in particular to a method for preventing Ethernet from being attacked.

BACKGROUND OF THE INVENTION

[0003]At present, destruction of network virus becomes more and more diversified and many new destructive methods appear. Attack to network reliability is one kind of these new destructive methods. The purpose of this kind of attack is not to steal information, but to attack network devices targeting on security vulnerabilities in networks and destroy normal network communication. Consequently, network paralysis will be caused and more losses will be brought to users. The attack to Ethernet is a familiar mode of this kind of attack.

[0004]In con...


Application Information

Patent Type & Authority: Patents (United States)
IPC(8): H04L12/24, H04L29/06, H04L29/08, H04L29/12
CPC: H04L29/12009, H04L41/28, H04L69/323, H04L63/1441, H04L63/162, H04L61/00
Inventor: YANG, LEI
Owner: HUAWEI TECH CO LTD